
It's a weblog! ... sort of.

Tuesday, December 18 2018

Mullen breaks from the routine.


IE sucks. So much so that SecurityFocus columnist and regular Microsoft apologist Tim Mullen even admits as much. To me, what's shocking isn't that someone is saying that it's time to abandon IE, but that even Tim says so - although he only suggests that MS split IE into a regular and "Enterprise Edition".

I'll go one step further (as many other security professionals have) and endorse the Browse Happy campaign to switch to an alternate browser. I can say from personal experience that even large corporations and government agencies are seriously considering switching away from IE, or in one case, already have (usually to Firefox).

posted by Loki on Fri, 10 Sep 2004 20:34:58 -0500

Security Philosophy


Here's a good article from SecurityFocus that explains the security philosophy of "Secure by Default." I'd like to add that in addition to OpenBSD and many Linux distributions, Mac OS X has also adopted this philosophy (I believe the other *BSD distros have as well). As the author notes, there are "some interesting changes" with Windows 2003/XP, but what they essentially amount to is putting up a firewall in front of the services that can't be shut off/closed (due to design flaws relating to RPC).

posted by Loki on Fri, 10 Sep 2004 20:08:13 -0500

Sender Policy Framework


I just added SPF support for mail here at!

In case you haven't heard of it, SPF, aka Sender Policy Framework, is an innovative anti-spam technology that's very easy to implement. All you need to do is add a couple of DNS TXT records to your domain, to "authorize" valid mail senders. (SPF has a wizard that can generate the relevant records; it takes at most a minute to fill out.)

If you use the -all option, you can eliminate "joe jobs" against servers that use SPF, and widespread adoption will help combat spam by protecting the envelope sender. The SPF FAQ does a better job explaining all this; you can read it here.

To be truthful, there's more to the story (involving IETF standards, patents, and Microsoft), but I won't get into that. If you want, you can read this article.

posted by Loki on Fri, 10 Sep 2004 19:19:56 -0500

Not Attending Black Hat is bad.


Sniff, I miss Black Hat... Here's a bit from SANS Newsbites:

RFID Tags are Not Developed with Security in Mind
(28 July 2004)

Speaking at the Black Hat Briefings conference, Lukas Grunwald, CTO of DN-Systems Enterprise Internet Solutions of Germany, demonstrated software that could allow people to read and write to most RFID tags. Presently, RFID tags are not read-protected, and few are write protected. The vulnerability could be exploited by shoplifters.

posted by Loki on Thu, 05 Aug 2004 19:14:52 -0500

Terror in the Skies, NOT!



I went round and round with a couple of people on this one. If you haven't heard, on 6/29/04 (12:28 PM), Northwest Flight #327 from Detroit to Los Angeles was the proving ground for a terrorist attack... or maybe it wasn't.

According to the original article (which I refuse to link to), a group of 14 Syrian men exhibited suspicious behavior, like: being Middle Eastern, wearing clothes with Arabic writing, carrying a McDonald's bag, standing in the aisles talking, and ... (suspense trumpets here) ... going to the bathroom.

Now, the author of the article (who I refuse to identify) arrives at the conclusion that this was a group of terrorists making a dry run for a terrorist attack. She concludes her piece with the following statement: "So the question is... Do I think these men were musicians? I'll let you decide. But I wonder, if 19 terrorists can learn to fly airplanes into buildings, couldn't 14 terrorists learn to play instruments?" Well, I wonder, could a passenger see a group of Middle Eastern men and mistake them for terrorists out of fear and prejudice? I'll let you decide.

Seriously, though, this whole thing is totally ridiculous. I'll let sum it up for me: False. Come on, people! When even the federal air marshals are saying there's nothing to worry about, really, there's nothing to worry about! Now go read Salon's take on the incident, written by a real pilot.

posted by Loki on Thu, 29 Jul 2004 02:21:49 -0500

More old Sh*t.


Here's a couple more items from the archives:

There's an interesting piece on identity theft insurance, some notes on webcasting royalties, the Eldred case, and finally, a presentation by Lawrence Lessig.

Read More... for the full details.

posted by Loki on Sat, 17 Jul 2004 13:41:43 -0500

New iPods on Monday!!!??


Looks like I'll be purchasing my birthday present a little late this year... I've been anxiously awaiting the long-rumored 60GB iPods, since my music collection has now grown to over 40 gigs, and no longer fits on my "puny" 30GB model. I can't wait!!!

Apple will announce new models of its standard 'white' iPods on Monday, Think Secret has learned. According to sources, the company plans to unveil thinner, sleeker white iPods with a major announcement on Monday, July 19. While the enclosure will be the same general size as that of current iPods, it will be thinner; it will also have a new scroll wheel of different color and design. [Think Secret]

updated: MacRumors notes that Newsweek is doing a cover story on the iPod. The article mentions the new iPods, and a separate article at MSNBC gives details on the specs: new mini-like wheel, improved menus and other new features, including better on-the-go playlist management, and a 50% boost to battery life, to 12 hours. Two models are mentioned, a $299 20GB model and a $399 40GB model. Missing (for now) is the predicted $499 60GB model... the one I need, naturally :(

update 2: According to this article, "no plans in regard to announcing 60-gigabyte models." Say it ain't so!! I guess we'll have to wait & see.

posted by Loki on Sat, 17 Jul 2004 12:27:03 -0500

The Wonders of the Modern Age


Yes, I'm writing (more like tapping) this from the safety and comfort of my commuter bus, which is more an exercise in dexterity than anything else.

T9 makes entering text fairly easy, but my thumbs are just a little too big, and my keypad just a little too small to make typing comfortable... Yes, I am writing this from my new phone, with the very cool NetFront browser, although I will probably do some final editing on my Mac before posting. Now I can blog from anywhere!

To me, the most interesting aspect of this is how the web has changed over the years, especially with the advent of technologies like CSS, which is finally delivering on its promise of truly device-independent HTML. Yet it's hard to imagine that the designers of CSS could have anticipated surfing the web from your phone.

posted by Loki on Fri, 16 Jul 2004 08:45:15 -0500

more new code...


Hello! Although I've only posted about twice a year for the past year and a half or so, hopefully that will change soon... xml-weblog 1.1 is now complete, and although it lacks the originally promised features (user story submission, sorry Loyal Citizen), it does support an RSS 2.0 feed, as well as editing using NetNewsWire (and other similar tools) using the Blogger/MetaWeblog APIs (as previously announced).

The xml-weblog 1.1 package is available for download, and full details on the new release are available in this article at

Now that 1.1 is complete, hopefully my theory will prove correct, and I will actually start posting to on a regular basis again. We shall see...

posted by Loki on Sun, 11 Jul 2004 17:45:54 -0500

Hacker Case Files


Just poking around, going through my old mail. (OK, like from 2 years ago...) Anyway, I came across a few old news articles I never got around to writing about. There's the accidental wireless hacker, some fitting comments on hacking in general, and the rather interesting case of a hacker arrested not for hacking, but for authoring hacking tools.

posted by Loki on Thu, 18 Mar 2004 20:00:44 -0600